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WHAT IS CLAIMED IS: 

1 1 . A method of authenticating a device, the method comprising: 

2 receiving a certificate from the device, the certificate including a plurahty of fields, 

3 including a field holding a digital signature from a certifying authority; 

4 verifying the digital signatures in the certificate, the verifying including at least one 

5 of 

6 verifying the certifying authority digital signature using the certifying 

7 authority public key; and 

8 verifying a device digital signature using a device public key ; and 

9 receiving validation data from a source, the validation data identifying one or more 
10 data in the certificate as valid or invalid according to predetermined criteria; 

Ol 1 and 



jj\2 if the digital signatures are verified and validated, transmitting a session key to the 

2!l3 device to establish a secure communication channel. 



1 2. The method of claim 1 wherein the source is one of a portable medium and firmware. 

1 3. The method of claim 1 wherein the device is one of an engine, a device that embeds an 

2 engine, a third party digital rights management protocol, an application running in an open 



rj 3 computing environment, and a clearinghouse server, the certificate identifying one or more 



4 secure application programming interfaces (APIs) for which an application operable with the 

5 device may have access. 

1 4. The method of claim 1 wherein the certificate is digitally signed by a private key 

2 assigned according to a class of device, the class of device including engines, device devices 

3 embedding an engine with no external digital input/output port, device devices embedding an 

4 engine with digital input/output ports, device applications not embedding an engine, third 

5 party digital rights management protocols, and clearinghouse servers. 

1 5. The method of claim 1 wherein the certifying of the device includes certifying a second 

2 host for a host to second host secure communication channel, the certifying allowing a copy 

3 function between the host and the second host. 
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1 6. The method of claim 1 wherein the data in the certificate specifies one or more of a 

2 product category, a product hne, a model, a revision and a serial number of the device. 

1 7. The method of claim 6 wherein the source validation data is compared with the data in 

2 the certificate to identify as invalid one or more of the product category, the product line, the 

3 model, the revision and the serial number of the device. 

1 8. The method of claim 1 wherein the certificate includes one or more of a certifying 

2 authority identifier field, a version field, a sign key identifier field, an exposed methods field, 

3 a company field, a model identifier field, a revision field, a metadata identifier field, a device 

4 digital signature key field, a certifying authority digital signature field, a serial number field, 

5 a protocol public key field and a device digital signature field, wherein the certifying 

^ij 6 authority digital signature verifies one or more of the fields in the certificate and the device 

't; 7 digital signature verifies one or more of the fields in the certificate. 

1 9. The method of claim 1 wherein the certificate enables an entity receiving the certificate 

C"^ 2 to control the quality of the device by invalidating devices that are false or have latent 

Q 3 defects, 

m 

RJ 

SJ 1 10. The method of claim 6 wherein the certificate further includes fields provided by a 

J": 2 device manufacturer, including the company public key, wherein the company public key is 

3 digitally signed by the certifying authority. 

1 11. The method of claim 6 wherein the certificate further includes fields provided by a 

2 device manufacturer, the fields including the device public key, wherein the device public 

3 key is digitally signed by the company. 

1 12. The method of claim 6 wherein one or more of the product category, the product line, 

2 the model, the revision and the serial number of the device are provided to a certificate 

3 creator after the device passes a qualification procedure. 
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1 13. The method of claim 1 wherein the certificate specifies one or more certificate classes, 

2 the certificate classes providing a set of methods that may be exposed after the transmitting 

3 the session key. 

1 14. The method of claim 1 3 wherein the set of methods includes digital rights management 

2 (DRM) methods include one or more of a copy method, a record method, a play method, a 

3 read secure metadata method, a write secure metadata method, and an unlock method, the 

4 DRM methods operable according to a type of the device. 

1 15. The method of claim 14 wherein: 

2 the unlock method is associated with a clearinghouse server; 

3 the copy method is associated with one of an engine and a first DRM application 

4 operable with a second DRM application; and 

5 the record method is associated with one or more of a player, a mastering tool, a 

T! 

M 6 kiosk, and a clearinghouse server. 

O 

1 16. The method of claim 1 wherein each of the fields hold 326-bit values for 163-bit elliptic 

Q 2 curve cryptography. 

— — s 

vj 1 17. The method of claim 1 wherein the certifying authority public key is referenced by a 

^^j 2 field of the certificate. 

1 18. The method of claim 1 wherein the certifying authority public key is in the firmware 

2 component, 

1 19. An apparatus for certifying a device, the apparatus comprising: 

2 means for receiving a certificate request from the device, the certificate request 

3 including a plurality of fields, including a field holding a protocol public key; 

4 means for verifying digital signatures in the certificate, the verifying including at least 

5 one of 

6 verifying the certifying authority digital signature using the certifying 

7 authority public key; and 
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8 verifying a device digital signature using a device public key in the certificate; 

9 and 

10 means for receiving validation data from a source, the validation data identifying one 

1 1 or more data in the certificate as valid or invalid according to predetermined 

12 criteria; and 

13 means for transmitting a session key to the device to establish a secure 

14 communication channel when the digital signatures are verified and validated. 



An engine configured to certify a host, the engine comprising: 
a firmware component including: 

a block configured to receive a certificate fi*om the host, the certificate 
including a plurality of fields, including a field holding a protocol public key; 
a block configured to verify one or more digital signatures in the certificate, 
including at least one of: 

a certifying authority digital signature using a certifying authority 
public key; and 

a device digital signature using a device public key in the certificate; 

and 

a block configured to receive validation data from a source, the validation data 
identifying one or more data in the certificate as valid or invalid according to 
predetermined criteria; and 
a block configured to transmit a session key to the host to establish a secure 

communication channel when the digital signatures are verified and validated. 



1 21. A computer program product, the computer program product comprising: 

2 signal bearing media bearing digital information holding a firmware component, the 

3 firmware component including: 

4 a block configured to receive a certificate from the device, the certificate 

5 including a plurality of fields, including a field holding a protocol public key; 

6 a block configured to verify digital signatures in the certificate, including at 

7 least one of 

8 a certifying authority digital signature using the certifying authority 

9 pubHc key; and 
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10 a device digital signature using a device public key in the certificate; 

1 1 and 

12 a block configured to receive validation data from a source, the validation data 

13 identifying one or more data in the certificate as valid or invalid according to 

14 predetermined criteria; and 

15 a block configured to transmit a session key to the device to establish a secure 

16 communication channel w^hen the digital signatures are verified and validated. 

1 22. The computer program product of claim 21 wherein the certifying authority public key 

2 is referenced by a field of the certificate. 

1 23. The computer program product of claim 21 wherein the certifying authority public key 

2 is in the firmware component. 
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